Skip to main content

Obfuscation and Diversification for Securing Cloud Computing

  • Conference paper
  • First Online:
Enterprise Security (ES 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10131))

Included in the following conference series:

Abstract

The evolution of cloud computing and advancement of its services has motivated the organizations and enterprises to move towards the cloud, in order to provide their services to their customers, with greater ease and higher efficiency. Utilizing the cloud-based services, on one hand has brought along numerous compelling benefits and, on the other hand, has raised concerns regarding the security and privacy of the data on the cloud, which is still an ongoing challenge. In this regard, there has been a large body of research on improving the security and privacy in cloud computing. In this chapter, we first study the status of security and privacy in cloud computing. Then among all the existing security techniques, we narrow our focus on obfuscation and diversification techniques. We present the state-of-the-art review in this field of study, how these two techniques have been used in cloud computing to improve security. Finally, we propose an approach that uses these two techniques with the aim of improving the security in cloud computing environment and preserve the privacy of its users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    This book chapter is a re-written extended version of our previous study (Hosseinzadeh et al. 2015).

References

  • Browserify (2016). http://browserify.org. Accessed 08 Apr 2016

  • Cloud Security Alliance (CSA) (2016). https://cloudsecurityalliance.org/. Accessed 08 Apr 2016

  • Free JavaScript obfuscator Protect JavaScript code from stealing and shrink size (2016). https://javascriptobfuscator.com. Accessed 08 Apr 2016

  • Getting started–Less.js (2016). http://lesscss.org. Accessed 08 Apr 2016

  • Gulp-js-obfuscator (2016a). https://www.npmjs.com/package/gulp-js-obfuscator. Accessed 08 Apr 2016

  • Gulp.js The streaming build system (2016b). http://gulpjs.com. Accessed 08 Apr 2016

  • js-obfuscator (2016). https://www.npmjs.com/package/js-obfuscator. Accessed 08 Apr 2016

  • Laverna Keep your notes private (2016). https://laverna.cc. Accessed 08 Apr 2016

  • NMP (2016). https://www.npmjs.com. Accessed 08 Apr 2016

  • Source Map Revision 3 Proposal (2016). https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-2gc6fAH0KY0k. Accessed 08 Apr 2016

  • The International Information Systems Security Certification Consortium (ISC)2 (2016). https://www.isc2.org/. Accessed 08 Apr 2016

  • Agir, B., Papaioannou, T., Narendula, R., Aberer, K., Hubaux, J.-P.: User-side adaptive protection of location privacy in participatory sensing. GeoInformatica 18(1), 165–191 (2014)

    Article  Google Scholar 

  • Arockiam, L., Monikandan, S.: Efficient cloud storage confidentiality to ensure data security. In: 2014 International Conference on Computer Communication and Informatics (ICCCI), pp. 1–5 (2014)

    Google Scholar 

  • Baudry, B., Monperrus, M.: The multiple facets of software diversity: recent developments in year 2000 and beyond. ACM Comput. Surv, 48(1), 16:1–16:26 (2015)

    Google Scholar 

  • Bertholon, B., Varrette, S., Bouvry, P.: JShadObf: a JavaScript obfuscator based on multi-objective optimization algorithms. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 336–349. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38631-2_25

    Chapter  Google Scholar 

  • Bertholon, B., Varrette, S., Bouvry, P.: Comparison of multi-objective optimization algorithms for the Jshadobf JavaScript obfuscator. In: 2014 IEEE International, Parallel Distributed Processing Symposium Workshops (IPDPSW), pp. 489–496 (2014)

    Google Scholar 

  • Bertholon, B., Varrette, S., Martinez, S.: Shadobf: A c-source obfuscator based on multi-objective optimization algorithms. In: 2013 IEEE 27th International Parallel and Distributed Processing Symposium Workshops PhD Forum (IPDPSW), pp. 435–444 (2013b)

    Google Scholar 

  • Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In: Proceedings of the 8th Annual International Conference on Privacy, Security and Trust (PST), pp. 31–38. IEEE (2010)

    Google Scholar 

  • Celesti, A., Fazio, M., Villari, M., Puliafito, A.: Adding long-term availability, obfuscation, and encryption to multi-cloud storage systems. J. Netw. Comput. Appl. (2014)

    Google Scholar 

  • Chang, V.: Towards a big data system disaster recovery in a private cloud. Ad Hoc Netw. 35, 65–82 (2015). Special Issue on Big Data Inspired Data Sensing, Processing and Networking Technologies

    Article  Google Scholar 

  • Chang, V., Kuo, Y.-H., Ramachandran, M.: Cloud computing adoption framework: a security framework for business clouds. Future Gener. Comput. Syst. 57, 24–41 (2016)

    Article  Google Scholar 

  • Chang, V., Ramachandran, M.: Towards achieving data securCloud computing adoption framework: a security framework for business cloudsity with the cloud computing adoption framework. IEEE Trans. Serv. Comput. 9(1), 138–151 (2016)

    Article  Google Scholar 

  • Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91–93 (2011)

    Article  Google Scholar 

  • Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)

    Article  Google Scholar 

  • Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical report, Department of Computer Science, The University of Auckland, New Zealand (1997)

    Google Scholar 

  • Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1998, pp. 184–196. ACM, New York (1998)

    Google Scholar 

  • Dierks, T.: The Transport Layer Security (TLS) protocol version 1.2 (2008)

    Google Scholar 

  • Drape, S., Majumdar, A.: Design and evaluation of slicing obfuscation. Technical report, Department of Computer Science, The University of Auckland, New Zealand (2007)

    Google Scholar 

  • Furukawa, R., Takenouchi, T., Mori, T.: Behavioral tendency obfuscation framework for personalization services. In: Decker, H., Lhotská, L., Link, S., Basl, J., Tjoa, A.M. (eds.) DEXA 2013. LNCS, vol. 8056, pp. 289–303. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40173-2_24

    Chapter  Google Scholar 

  • Gao-xiang, G., Zheng, Y., Xiao, F.: The homomorphic encryption scheme of security obfuscation. In: Tan, T., Ruan, Q., Chen, X., Ma, H., Wang, L. (eds.) IGTA 2013. CCIS, vol. 363, pp. 127–135. Springer, Heidelberg (2013). doi:10.1007/978-3-642-37149-3_16

    Chapter  Google Scholar 

  • Govinda, K., Sathiyamoorthy, E.: Agent based security for cloud computing using obfuscation. Procedia Eng. 38, 125–129 (2012)

    Article  Google Scholar 

  • Gühring, P.: Concepts against Man-in-the-Browser Attacks (2006). www.cacert.at/svn/sourcerer/CAcert/SecureClient.pdf

  • Guo, M., Bhattacharya, P.: Diverse virtual replicas for improving intrusion tolerance in cloud. In: Proceedings of the 9th Annual Cyber and Information Security Research Conference, CISR 2014, pp. 41–44. ACM, New York (2014)

    Google Scholar 

  • Hataba, M., El-Mahdy, A.: Cloud protection by obfuscation: techniques and metrics. In: 2012 Seventh International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), pp. 369–372 (2012)

    Google Scholar 

  • Hosseinzadeh, S., Hyrynsalmi, S., Conti, M., Leppänen, V.: Security and privacy in cloud computing via obfuscation and diversification: a survey. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 529–535 (2015)

    Google Scholar 

  • Kansal, K., Mohanty, M., Atrey, Pradeep, K.: Scaling and cropping of wavelet-based compressed images in hidden domain. In: He, X., Luo, S., Tao, D., Xu, C., Yang, J., Hasan, M.A. (eds.) MMM 2015. LNCS, vol. 8935, pp. 430–441. Springer, Heidelberg (2015). doi:10.1007/978-3-319-14445-0_37

    Google Scholar 

  • Karuppanan, K., AparnaMeenaa, K., Radhika, K., Suchitra, R.: Privacy adaptation for secured associations in a social cloud. In: 2012 International Conference on Advances in Computing and Communications (ICACC), pp. 194–198 (2012)

    Google Scholar 

  • Kuzu, M., Islam, M. S., Kantarcioglu, M.: Efficient privacy-aware search over encrypted databases. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014, pp. 249–256. ACM, New York (2014)

    Google Scholar 

  • Lamanna, D.D., Lodi, G., Baldoni, R.: How not to be seen in the cloud: a progressive privacy solution for desktop-as-a-service. In: Meersman, R., Panetto, H., Dillon, T., Rinderle-Ma, S., Dadam, P., Zhou, X., Pearson, S., Ferscha, A., Bergamaschi, S., Cruz, I.F. (eds.) OTM 2012. LNCS, vol. 7566, pp. 492–510. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33615-7_4

    Chapter  Google Scholar 

  • Laperdrix, P., Rudametkin, W., Baudry, B.: Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification. In: 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), pp. 98–108 (2015)

    Google Scholar 

  • Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 276–291 (2014)

    Google Scholar 

  • Laurén, S., Mäki, P., Rauti, S., Hosseinzadeh, S., Hyrynsalmi, S., Leppänen, V.: Symbol diversification of Linux binaries. In: Proceedings of World Congress on Internet Security (WorldCIS-2014) (2014)

    Google Scholar 

  • Li, L., Li, Q., Shi, Y., Zhang, K.: A new privacy-preserving scheme DOSPA for SaaS. In: Gong, Z., Luo, X., Chen, J., Lei, J., Wang, F. (eds.) Web Information Systems and Mining. LNCS, vol. 6987, pp. 328–335. Springer, Berlin Heidelberg (2011)

    Chapter  Google Scholar 

  • Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 290–299. ACM, New York (2003)

    Google Scholar 

  • Liu, X., Yuan, D., Zhang, G., Li, W., Cao, D., He, Q., Chen, J., Yang, Y.: Cloud workow system quality of service. In: The Design of Cloud Workow Systems, Springer Briefs in Computer Science, pp. 27–50. Springer, New York (2012)

    Google Scholar 

  • Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance Theory in Practice. O’Reilly Media Inc., Sebastopol (2009)

    Google Scholar 

  • Mell, P., Grance, T.: The NIST definition of cloud computing. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (2011)

    Google Scholar 

  • Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: Proceedings of the Fourth International ICST Conference on Communication System software and middleware, COMSWARE 2009, pp. 5:1–5:8. ACM, New York (2009)

    Google Scholar 

  • Mowbray, M., Pearson, S., Shen, Y.: Enhancing privacy in cloud computing via policy-based obfuscation. J. Supercomput. 61(2), 267–291 (2012)

    Article  Google Scholar 

  • Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, Upper Saddle River (2009)

    Google Scholar 

  • Omar, R., El-Mahdy, A., Rohou, E.: Arbitrary control-ow embedding into multiple threads for obfuscation: a preliminary complexity and performance analysis. In: Proceedings of the 2nd International Workshop on Security in Cloud Computing, SCC 2014, pp. 51–58. ACM, New York (2014)

    Google Scholar 

  • Padilha, R., Pedone, F.: Confidentiality in the cloud. Secur. Privacy IEEE 13(1), 57–60 (2015)

    Article  Google Scholar 

  • Palanques, M., DiPietro, R., del Ojo, C., Malet, M., Marino, M., Felguera, T.: Secure cloud browser: model and architecture to support secure web navigation. In: 2012 IEEE 31st Symposium on Reliable Distributed Systems (SRDS), pp. 402–403 (2012)

    Google Scholar 

  • Patibandla, R.,S.,M.,Lakshmi, Kurra, S.S., Mundukur, N.B.: A study on scalability of services and privacy issues in cloud computing. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 212–230. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28073-3_19

    Chapter  Google Scholar 

  • Pearson, S., Shen, Y., Mowbray, M.: A privacy manager for cloud computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, pp. 90–106. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10665-1_9

    Chapter  Google Scholar 

  • Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: USENIX Security (2007)

    Google Scholar 

  • Prasadreddy, P., Rao, T., Venkat, S.: A threat free architecture for privacy assurance in cloud computing. In: 2011 IEEE World Congress on Services (SERVICES), pp. 564–568 (2011)

    Google Scholar 

  • Qin, Y., Shen, S., Kong, J., Dai, H.: Cloud-oriented SAT solver based on obfuscating CNF formula. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds.) APWeb 2014. LNCS, vol. 8710, pp. 188–199. Springer, Heidelberg (2014). doi:10.1007/978-3-319-11119-3_18

    Google Scholar 

  • Rauti, S., Laurén, S., Hosseinzadeh, S., Mäkelä, J.-M., Hyrynsalmi, S., Leppänen, V.: Diversification of system calls in Linux binaries. In: Proceedings of the 6th International Conference on Trustworthy Systems (In Trust 2014) (2014)

    Google Scholar 

  • Reiss, C., Wilkes, J., Hellerstein, J.: Obfuscatory obscanturism: making workload traces of commercially-sensitive systems safe to release. In: 2012 IEEE Network Operations and Management Symposium (NOMS), pp. 1279–1286 (2012)

    Google Scholar 

  • Rhoton, J., de Clercq, J., Graves, D.: Cloud Computing Protected: Security Assessment Handbook. Recursive Limited, London (2013)

    Google Scholar 

  • Ryan, P., Falvey, S.: Trust in the clouds. Comput. Law Secur. Rev. 28(5), 513–521 (2012)

    Article  Google Scholar 

  • Skoudis, E.: Malware: Fighting Malicious Code. Prentice Hall Professional, ‎Upper Saddle River (2004)

    Google Scholar 

  • Skvortsov, P., Dürr, F., Rothermel, K.: Map-aware position sharing for location privacy in non-trusted systems. In: Kay, J., Lukowicz, P., Tokuda, H., Olivier, P., Krüger, A. (eds.) Pervasive 2012. LNCS, vol. 7319, pp. 388–405. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31205-2_24

    Chapter  Google Scholar 

  • Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

    Article  Google Scholar 

  • Tapiador, J., Hernandez-Castro, J., Peris-Lopez, P.: Online randomization strategies to obfuscate user behavioral patterns. J. Netw. Syst. Manag. 20(4), 561–578 (2012)

    Article  Google Scholar 

  • Tian, Y., Song, B., Huh, E.-N.: Towards the development of personal cloud computing for mobile thin-clients. In: International Conference Information Science and Applications (ICISA), pp. 1–5 (2011)

    Google Scholar 

  • Top Threats Working Group: The notorious nine: cloud computing top threats in 2013. Cloud Security Alliance (2013)

    Google Scholar 

  • Tunc, C., Fargo, F., Al-Nashif, Y., Hariri, S., Hughes, J.: Autonomic resilient cloud management (ARCM) design and evaluation. In: 2014 International Conference on Cloud and Autonomic Computing (ICCAC), pp. 44–49 (2014)

    Google Scholar 

  • Varadharajan, V., Tupakula, U.: Security as a service model for cloud environment. IEEE Trans. Netw. Serv. Manag. 11(1), 60–75 (2014)

    Article  Google Scholar 

  • Villari, M., Celesti, A., Tusa, F., Puliafito, A.: Data reliability in multi-provider cloud storage service with RRNS. In: Canal, C., Villari, M. (eds.) Advances in Service-Oriented and Cloud Computing. Communications in Computer and Information Science, vol. 393, pp. 83–93. Springer, Heidelberg (2013)

    Google Scholar 

  • Vleju, M.B.: A client-centric ASM-based approach to identity management in cloud computing. In: Castano, S., Vassiliadis, P., Lakshmanan, Laks, V., Lee, M.L. (eds.) ER 2012. LNCS, vol. 7518, pp. 34–43. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33999-8_5

    Chapter  Google Scholar 

  • Yang, P., Gui, X., Tian, F., Yao, J., Lin, J.: A privacy-preserving data obfuscation scheme used in data statistics and data mining. In: High Performance Computing and Communications 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC-EUC), pp. 881–887 (2013)

    Google Scholar 

  • Yang, Q., Cheng, C., Che, X.: A cost-aware method of privacy protection for multiple cloud service requests. In: 2014 IEEE 17th International Conference on Computational Science and Engineering (CSE), pp. 583–590 (2014)

    Google Scholar 

  • Yau, S.S., An, H.G.: Protection of users’ data confidentiality in cloud computing. In: Proceedings of the Second Asia-Pacific Symposium on Internetware, Internetware 2010, pp. 11:1–11:6. ACM, New York (2010)

    Google Scholar 

  • Zhang, G., Liu, X., Yang, Y.: Time-series pattern based effective noise generation for privacy protection on cloud. IEEE Trans. Comput. 64(5), 1456–1469 (2015)

    Article  MathSciNet  Google Scholar 

  • Zhang, G., Yang, Y., Chen, J.: A historical probability based noise generation strategy for privacy protection in cloud computing. J. Comput. Syst. Sci. 78(5), 1374–1381 (2012a). {JCSS} Special Issue: Cloud Computing 2011

    Article  Google Scholar 

  • Zhang, G., Yang, Y., Chen, J.: A privacy-leakage-tolerance based noise enhancing strategy for privacy protection in cloud computing. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1–8 (2013)

    Google Scholar 

  • Zhang, G., Yang, Y., Liu, X., Chen, J.: A time-series pattern based noise generation strategy for privacy protection in cloud computing. In: 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 458–465 (2012b)

    Google Scholar 

  • Zhang, G., Yang, Y., Yuan, D., Chen, J.: A trust-based noise injection strategy for privacy protection in cloud. Softw.: Pract. Exp., 42(4), 431–445 (2012c)

    Google Scholar 

  • Zhang, G., Zhang, X., Yang, Y., Liu, C., Chen, J.: An association probability based noise generation strategy for privacy protection in cloud computing. In: Liu, C., Ludwig, H., Toumani, F., Yu, Q. (eds.) ICSOC 2012. LNCS, vol. 7636, pp. 639–647. Springer, Heidelberg (2012b). doi:10.1007/978-3-642-34321-6_50

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Shohreh Hosseinzadeh .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hosseinzadeh, S., Laurén, S., Rauti, S., Hyrynsalmi, S., Conti, M., Leppänen, V. (2017). Obfuscation and Diversification for Securing Cloud Computing. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science(), vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54380-2_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54379-6

  • Online ISBN: 978-3-319-54380-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics